Could GPS Hackers Cause the Next Flash Crash?

Could the next big trading glitch come from the sky? An
expert in satellite technology says its possible, and he
wants more traders and investors to be aware of the potential
problem.

The danger lies with the global positioning satellite
system, according to Todd Humphreys, a professor of aerospace
engineering and engineering mechanics at the University of
Texas at Austin. High frequency traders depend on GPS
technology for accurate time signals to guide their trading
strategies, but the satellite systems rooftop receivers
are vulnerable to jamming, he contends. GPS signals can also
become the target of hacking attacks, known as
spoofing, that can send out false time signals and
disrupt trading, he adds.

To date, there have been no official reports of GPS
technology jamming or spoofing impacting securities trading or
the financial industry, according to the Financial Services
Information Sharing and Analysis Center (FS-ISAC), a clearing
house for security updates, and the American Bankers
Association. But that doesnt mean such attacks
couldnt happen, considering our ever-widening dependence
on GPS technology.

GPS jamming and spoofing has plagued a host of other
industries and organizations, which depend on the precise time
and location data provided by the systems constellation
of 31 satellites. In 2009, for instance, GPS-guided systems at
Newark Liberty International Airport were disrupted by a
trucker in the area using a GPS jammer to prevent his employer
from monitoring his whereabouts. It took the airport several
months to correctly identify the problem. Tests show that
cellular networks that rely on GPS technology for precise
timing can be spoofed, causing cellular towers to block phone
calls and 911 services. And in May of this year, South Korea
complained that North Korea was intentionally jamming the
Souths airline GPS systems and the location data they
provide to pilots, potentially putting lives at risk.

Its not surprising, then, that concerns have been
voiced about potential vulnerabilities in the U.S. financial
services industry, and in particular among high frequency
traders.

How exactly do traders use GPS technology?

Global positioning satellites transmit precise time data to
GPS antennas sitting atop data centers, where many high
frequency trading firms house their computer systems. The
antennas transmit this information to a firms trading
computers. Such signals help to correctly guide a firms
high speed trading algorithms, the software programs that
execute trading strategies in fractions of a second. The time
signals ensure that at each decision point in the algorithm, it
has the correct time in relation to data it receives from other
sources. It also helps to ensure that time stamps and time
records are kept correctly. This allows for the proper ordering
of transactions and time synchronization throughout the
network. If the algorithm does not receive the correct time,
the trading strategies may not function properly, strategies
may fail to be adjusted or corrected in a profitable way, or
algorithms may stop working altogether.

If you mess with the timing of a GPS source, you could
make it look like a price is going up rather than going down
and impact real-time trading, says Victor Yodaiken, CEO
of FSM Labs, a provider of time synchronization software for
high frequency trading firms.

The big danger, says Humphreys, is that when the algorithms
employed by high-speed traders detect discrepancies in time
data, they may stop functioning and create a liquidity vacuum,
akin to what happened in the flash crash on May 6, 2010.

If I were of a mind to, my students and I could make
money off of our knowledge of the vulnerabilities of GPS,
says Humphreys, who has built what Mark Psiaki, a professor of
mechanical and aerospace engineering at Cornell University, has
described as the baddest GPS hacking device
known.

Secondly, we could cause confusion in the
markets, Humphreys insists. While I dont
think we could cause anything the size of the flash crash, we
could cause a miniature flash crash through GPS spoofing and
the scaring away of high frequency traders. Earlier in
June, when he conducted a GPS spoofing demonstration for the
U.S. Department of Homeland Security, Humphreys and his
students were able to take control of an unmanned aerial drone
by sending out false GPS signals.

In July Humphreys testified about GPS vulnerabilities before
the Oversight subcommittee of the House of Representatives
Committee on Homeland Security, and said he believed most major
exchanges were aware of the spoofing threat. He said network
service managers at the New York Stock Exchange, BATS Exchanges
and the London Stock Exchange assured him they had taken
precautions against GPS spoofing by employing back-up time
management systems such as atomic clocks and network-based time
systems. Such alternatives can kick in if a GPS-based time
system acts oddly, provides time data outside of normal
parameters or stops functioning. A spokesperson at the NYSE
said the company did not comment on security matters but did
say the company was equipped to handle long GPS outages and
used a number of back-up systems.

Yet other parts of the markets, including high frequency
trading firms, may be unprotected. High frequency traders
whose servers are co-located with the matching engines at major
exchanges may be more vulnerable to GPS spoofing,
Humphreys told the House subcommittee. Many co-located
customers, distrustful of the exchanges system time, opt
for the direct GPS feed.

Humphreys says he has conducted tests at the University of
Texas that showed GPS equipment used by some trading firms can
be compromised. If that happens, those firms might leave the
market en masse.

So whats the response of the industry? One high
frequency trader sniffed at Humphreyss concerns, calling
his warnings super old hat. High frequency traders
know about the GPS systems vulnerabilities and the need
to employ backup time systems, he says. Although this trader
acknowledged that its possible to spoof GPS signals, he
did not think it could seriously impact trading activity.

Eran Fishler, director of algorithmic trading at Pragma
Securities in New York, points out that GPS jamming is illegal,
which serves as a major deterrent. He also says most high
frequency firms have various timing systems in place, aside
from GPS technology. My sense is that its not a
real issue, Fishler said.

Others are more wary. According to Roji Oommen, director of
business development at Savvis Inc., a manager of 32 data
centers, GPS vulnerabilities are a well known
theoretical risk, and he welcomes the attention Humphreys
has brought to the issue. Its quite possible that
firms whose trading strategies are not quite so sensitive about
time may not pay attention to these issues and may thus be
vulnerable to GPS jamming or spoofing, Oommen said. He
hopes that the financial industry will become more vocal about
best practices in this area and possibly create standards to
ensure greater safety in systems that use GPS.

According to the Financial Industry Regulatory Authority and
the Securities Industry & Financial Markets Association, no
standards currently exist regarding the use of GPS-based
technology within the industry.

Charles Barry, a serial entrepreneur who recently sold
Brilliant Telecommunications, a network timing and
synchronization firm, to Juniper Networks, says the possibility
of GPS jamming and spoofing impacting financial firms is a
legitimate concern now that jamming devices are so prevalent
and spoofing is more widely known. There is definitely a
higher degree of risk, Barry said. Although that risk can
be mitigated, he questioned whether all trading firms have
taken steps to contain the risk.

Jennifer Bayuk, a security consultant to the financial
services industry and director of the systems security
engineering program at the Stevens Institute of Technology,
says an overreliance on the part of a trading firm on
auto-setting clocks based on GPS time, could cause multiple
problems: The timing of financial transactions could be
mislabeled, causing the audit trails of trades to be incorrect;
counterparties might record disparate transaction times and
automated reconciliation processes could process transactions
that are outside their accepted boundary conditions while
system servers could be spoofed into automated shutdowns.

She recommends that firms install multiple timing
systems.

According to Tim Klimasewski, director of marketing services
at Spectracom, the firm has anticipated problems because of
trading firms excessive reliance on GPS timing and now
offers hybrid timing technology based on both GPS and Glonass
time systems, the latter being the global navigation satellite
system developed in Russia. The idea is that you have two
completely independent but complementary time systems in place
so that if the GPS system goes out, gets jammed or spoofed,
there is a another, satellite-based system in place to provide
accurate time, he says. However, the firm has yet to see
widespread adoption of such technology by trading firms.
Alternatively, Symmetricom has recently introduced a new
network-based time synchronization system, specifically
designed for use by high frequency trading firms, described as
enabling accurate time stamping of trade transactions and
providing nanosecond caliber accuracy.

So what does Professor Humphreys think trading firms of all
stripes should be doing to protect against the possibility of
GPS jamming and spoofing attacks? They should build their
system to be highly suspicious of GPS systems, he says.
This means the use of backup timing systems, cross-checks of
GPS time against non-GPS timing sources and the use of special
GPS receivers that are regularly on the lookout for spoofing.
Unfortunately, thats not an easy thing to do, as
there isnt much commercial hardware that has enough
paranoia built into it yet, says Humphreys. But at
the very least, they should be utilizing redundant atomic
clocks, and if time is moving too swiftly on one of them, that
should raise an alarm.